[users@httpd] Bulk SSL certificate purchases

[Ben Spencer <be...@moody.edu>]

We are looking to purchase a bulk number of SSL certificates for a variety
of sites. As we were discussing this with our current SSL certificate
provider, we ran into something which sounds a little odd, and wonder if
others have run into this with their bulk SSL certificate purchases.

When the individual SSL certificate is purchased, we need to specify how
many "hosts" are involved. Simple when dealing with standard apache sites.
Add a load balancer in front of things, and this is where we find things a
little odd as we would end up paying for a cert for each of the back end
servers -- even if the SSL cert is only on the front end load balancer.

Example 1:
If there is a load balance with three hosts behind it. The load balancer is
the only one with an SSL cert, we need to specify 3 hosts when we buy the
cert and end up paying 3 times a single cert cost. Say the cert costs $100.
We would end up paying $300 for the SSL cert for the load balancer because
there are 3 servers serving the site as $100 a pop.

Example 2:
Say we have 3 sites on the same domain (prod.domain.com, test.domain.com,
dev.domain.com) and all three happen to run through the load balancer/proxy
with prod having 2 back end servers and test & dev each having 1 server
(which might simply be different apache virtual host on the same physical
host), we would either need:
  Prod: 2 hosts (load balanced)
  Test: 1 host (proxy only)
  Dev : 1 host (proxy only)

The cost of four SSL certs would be needed (4 x $100 = $400). Should we have
chosen to use a wildcard cert (*.domain.com) at $200 a cert, we still would
need the cost of 4 wildcard certs ($800 total).

Does this seem the standard pricing for the industry?

Benji Spencer
System Administrator

Moody Bible Institute
Phone: 312-329-2288
Fax: 312-329-8961